German Data Retention Law Threatens Privacy of Internet Users

As new German data retention law offends human rights, the solution to keeping one's data private is a VPN, among others

Germany’s data-retention law, passed last November, is in a transitional period. Enacted on Dec. 18, 2015, the law will become binding on July 1, 2017. The new law requires all phone and Internet service providers to store call records, IP addresses and other metadata about their users. NordVPN believes that the basic human right to privacy is undermined by the new law. Although the law could still be appealed in German and EU courts, ISPs should be technically ready by mid-2017 to carry out the mass data retention program.

It is not the first time Germany has passed a law to store telecommunication data. Back then, a mass constitutional complaint by around 34,000 Germans followed in March 2010. Thanks to the efforts of the former justice minister Leutheusser-Schnarrenberger, the German Federal Constitutional Court struck the mass surveillance program down.

The best-proven way to avoid data retention is through a VPN. A VPN encrypts your data through a secure tunnel before accessing the Internet - this protects any sensitive information about your location by hiding your IP address.

Marty P. Kamden, CMO

This time around, with the change of leadership, the new data retention law has once again passed. The legislation proposes a requirement for all telecommunications and Internet service providers to retain user metadata for up to 10 weeks.

Metadata does not include the specific content of web or phone conversations, but a digital footprint is significant enough to identify who you called, where from, for how long, etc. Also, due to a technicality, text messages would be retained in full. The data would be retained and could be accessed by appointed government officials with a warrant.


1. The Criminal Police Union (BDK) believes the legislation does not go far enough. It believes 10 weeks is too short to gather information on cybercrimes and that the law offers a weak definition of ‘severe crimes’ that warrant more in-depth investigation into a suspect.

2. The data retention law would not protect the privacy of people with professional secrets, which is a guarantee under EU law, says Wolfgang Kubicki, deputy leader of the liberal Free Democratic Party (FDP).

3. European Single Market regulations might be at odds with the German data retention law, as it might give Germany an unfair advantage over other countries if it forces companies to use German servers for easier data access.

4. The fact that the previous data retention law in Germany was deemed unconstitutional by the German Federal Court, citing violations of human rights, is cause to question whether the proposed amended legislation goes far enough to address the problems deemed unconstitutional in the first place.

5. It is unclear what would happen if your ‘digital footprint’ raised suspicion after examination. Would the collected evidence be grounds for a digital surveillance or phone tap warrant to be issued?

6. More countries are choosing tougher national security measures like surveillance or data retention, e.g. Australia’s recent Data Retention Law [logging data for 2 years], Canada’s Bill C-51 [logging data for 6 months] or the US Stored Communications Act [requiring ISPs to log data for up to 90 days upon request]. It is yet to be proven if this is an effective strategy when dealing with either cybercrime or security on the national scale.

7. The fact that so many parties will be involved in handling sensitive information is a huge issue in itself, as the likelihood of mishandled data is quite high.


The best-proven way to avoid data retention is through a VPN. A VPN encrypts your data through a secure tunnel before accessing the Internet – this protects any sensitive information about your location by hiding your IP address. A Virtual Private Network connects you to the Internet through a different path than your ISP’s. The only information visible is that you are connected to a VPN server and nothing more. All other information is encrypted by the VPN’s protocol.

This is handy when you don’t want your real IP traced back to you. It is very important to use a VPN service that has a strict no-log policy to ensure your data is not logged and forwarded to the ISP if requested. NordVPN does not store logs and could not forward them to the ISPs as it would not have such data.

Leutheusser-Schnarrenberger, the prominent opponent of German data retention laws, has said that “all security agencies, both on the national and state level, have never provided any comprehensive study that would prove the necessity of data retention.”

Source: NordVPN